Link to home
Start Free TrialLog in
Avatar of Mushfique Khan
Mushfique Khan

asked on

wordpress admin password

Hi, some company designed my site in wordpress, would like to extract wp-admin password, don't want to reset it, but use the same as the designer created.

Is there any way to get the current/existing wp-admin password ... I don't want to reset it but rather use the same, as done by the designer.

I've cpanel access.

Please assist/advise.

Regards
MK
Avatar of David Favor
David Favor
Flag of United States of America image

All you can extract is the hash... which will take a very long time to crack.

If you reset your admin password, this will take a few seconds.

By hash, I mean the encrypted form of your password, which will be a hash (arbitrary string of characters).
Is the login saved in your web browser and you just don't know what it is?  If so I have a way you can view it.
Avatar of Mushfique Khan
Mushfique Khan

ASKER

can't I decrypt that hash value? ... no way at all?
@Chris Swinney ... no its not saved
Chris Swinney ... please share, how to view that password, I've cpanel access can see, also there are 3 dbs under phpMyAdmin, how to figure out, which one is the one I'm accessing?
I don't know if it will work for that but here ya go.

Right click in the password field that has the ****
Click inspect element
It will bring up the dev console, you want to look for User generated imageRemove the word password inside of the "" beside type= and leave the quotes there
You cannot decrypt a hash. WordPress uses salted hashes so you can't use a hash lookup table either. Your only option is to reset it. This security model is designed specifically to prevent hackers from being able to steal passwords if they were able to access the database (e.g. via SQL injection).
What version of WordPress?
Theoretically you can decrypt anything, given sufficient time + money + computing power.

So years of CPU time on a massive multi-core machine... Well, maybe months if you get lucky + the person used a password with some type of dictionary words. If they used a random 16 or 32 byte initial password to encrypt... well, the sun might go nova before you crack it.

If you have the unlimited time + money, search for cracking MD5 encrypted passwords.

Likely you'll require setting up a foundation, which can be run by your children, grandchildren, on + on, till password is cracked, sometime in the future when robots rule the world. :)

https://tipstrickshack.blogspot.com/2012/11/how-to-crack-md5-hash-in-ubuntu_17.html is one starting point. Likely you'd take this code. Run this code on a multi-core machine with hyperthreading under a job queue system to saturate/use all cores.
If it is an MD5 hash such as in pre v2.5, yes, reasonably easy to crack (why I asked about the version). After v2.5 salted hashes were added and it is extremely unlike that this will be crack, at least not in the time that would be useful to OP.
For those of us, who may touch 100s of WordPress sites in a day, this entire questions seems odd.

For example, most of my clients are generating massive amounts of cash + the last thing on their mind is some random password.

In fact, many of my clients require both Salts to be reset periodically + all user's passwords expired periodically, so every person, including admins + designers are forced to reset their password periodically.

I have other clients who require specialized iptables code which tracks logins + once a successful login occurs, the IP + user are pinned together for some time period, like an hour, where no other logins from any other IPs for a user are required.

After reading your initial question again, it occurs to me that a single account (user/pass) is being shared between many people.

I suppose this is fine for a hobby site.

For a production site, each person best have their own user/pass, so logging can be run on the site tracking who's doing what.

Sharing logins is a nightmare for security + determining who really changed what on a site.
ASKER CERTIFIED SOLUTION
Avatar of Mushfique Khan
Mushfique Khan

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
fix it myself ... ;)